exploitDog

CVE-2020-35852

Опубликовано: 23 фев. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.

Ссылки

https://getgist.com
Product
https://getgist.com/chatbot-software/
Product
https://github.com/riteshgohil/My_CVE/blob/main/CVE-2020-35852.md
Exploit
Mitigation
Third Party Advisory
https://getgist.com
Product
https://getgist.com/chatbot-software/
Product
https://github.com/riteshgohil/My_CVE/blob/main/CVE-2020-35852.md
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getgist:chatbox:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00255

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hrgf-mc75-gm4x

github

больше 3 лет назад

Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.

EPSS

Процентиль: 49%

0.00255

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79